Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1910
Views
0
Helpful
2
Replies

FMC "Blacklist IP Now" feature in Connection Events not working ?

craig.cordts
Level 1
Level 1

‎09-11-2019 03:57 PM - edited ‎02-21-2020 09:29 AM

Does anyone know how the "Blacklist IP Now" feature in Connection Events should work. It seems to add the IP address to the "Global Blacklist" but I still see future connections from that IP being allowed. 

 

In the image below, 222.186.52.78 has been blacklisted. 

 

 

Preview file
42 KB
0 Helpful
2 Replies 2

johnlloyd_13
Level 9
Level 9

‎09-11-2019 08:17 PM

hi,

You can Blacklist a Destination IP address (Responder IP) by doing a right-click on the specific IP > Blacklist IP Now.

see helpful link:

http://wannabecybersecurity.blogspot.com/2019/06/configuring-cisco-fmc-security.html


You can verify the added Blacklist IP by going again to Objects > Security Intelligence > Network Lists and Feed > Global-Blacklist > edit (pencil icon).

0 Helpful

craig.cordts
Level 1
Level 1
In response to johnlloyd_13

‎09-12-2019 09:53 AM

Thanks John-

 

What I am trying to do is Blacklist the Initiator IP. 

 

The FMC will allow me to select the initiator address and select Blacklist Now and it indeed gets successfully added to the Global Blacklist but future connections from that blacklisted address are still allowed based on the Connection Events log

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card